0

I have a working script via https://learn.microsoft.com/en-us/sql/relational-databases/security/encryption/configure-always-encrypted-keys-using-powershell (KeyVault + SQL Azure setup). Now I have plain Azure PS (KeyVault creation), reflected assemblies (SMO, SqlClient, ConnectionInfo) and the SqlAzure module (column encryption).

Long story short - could I do all that in C#? (I have an existing workflow using the fluent management libraries, and shelling out to PS is something I'd like to avoid if possible).

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
Christoph Wille
  • 311
  • 3
  • 16

1 Answers1

1

You may be able to do that. One idea that comes to mind is to generate separate AAD applications (Id, Secret pairs, See "Generate Application ID and Secret" section of this article) for each role with appropriate permissions and take the take ID, secret as an input from the user. Also, the article describes how to integrate Azure Key vault with C# application and use it for Always Encrypted. If you have additional questions, please share them in the comment section so I can help you answer them.

Nikhil Vithlani - Microsoft
  • 797
  • 5
  • 13
  • That is not really close to where I want to go - I want to configure KV (easy), MSI and then consequently always encrypted in C# - with whatever management library is available. (haven't yet looked at SMO) – Christoph Wille Oct 02 '17 at 18:02
  • You have the right idea, SMO will be useful for managing SQL Server objects. Is there is any specific concern/problem that you foresee? – Nikhil Vithlani - Microsoft Oct 02 '17 at 18:32
  • Question would be what the equivalents from SqlAzure module would be for Add-SqlAzureAuthenticationContext, New-SqlColumnEncryptionKey, New-SqlColumnEncryptionSettings, Set-SqlColumnEncryption et al. – Christoph Wille Oct 03 '17 at 05:48